From: Aram Sargsyan Date: Tue, 16 Jun 2026 11:08:14 +0000 (+0000) Subject: Add a maximum length for isc_url_parse() input buffer X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=b878f82409468842acf56c496025cee19b66a2bc;p=thirdparty%2Fbind9.git Add a maximum length for isc_url_parse() input buffer The isc_url_parse() function failed to check the input buffer's length and assumed that it can't be bigger than UINT16_MAX, because both the 'off' and 'len' fields of the 'isc_url_parser_t' structure are uint16_t. Add a check to not accept a buffer longer than UINT16_MAX. --- diff --git a/lib/isc/url.c b/lib/isc/url.c index eaa10129b0d..6d378039a42 100644 --- a/lib/isc/url.c +++ b/lib/isc/url.c @@ -549,8 +549,8 @@ isc_url_parse(const char *buf, size_t buflen, bool is_connect, int found_at = 0; const char *p = NULL; - if (buflen == 0) { - return ISC_R_FAILURE; + if (buflen == 0 || buflen > UINT16_MAX) { + return ISC_R_RANGE; } up->port = up->field_set = 0;